update apparmor profiles

parent bb52dfa7
......@@ -23,5 +23,5 @@ profile acpi @{exec_path} flags=(complain) {
@{sys}/devices/**/power_supply/*/{online,type} r,
@{sys}/devices/virtual/thermal/{,**} r,
#include <local/acpi>
#include if exists <local/acpi>
}
......@@ -50,5 +50,5 @@ profile adduser @{exec_path} {
# For lightdm
/var/lib/lightdm/{,*} w,
#include <local/adduser>
#include if exists <local/adduser>
}
......@@ -113,5 +113,5 @@ profile adequate @{exec_path} flags=(complain) {
}
#include <local/adequate>
#include if exists <local/adequate>
}
......@@ -201,5 +201,5 @@ profile amarok @{exec_path} {
}
#include <local/amarok>
#include if exists <local/amarok>
}
......@@ -25,5 +25,5 @@ profile amixer @{exec_path} flags=(complain) {
owner @{HOME}/.config/pulse/ r,
#include <local/amixer>
#include if exists <local/amixer>
}
......@@ -161,7 +161,7 @@ profile anki @{exec_path} {
owner @{HOME}/.xsession-errors w,
owner @{HOME}/.local/share/sddm/{xorg,wayland}-session.log w,
#include <local/anki_mpv>
#include if exists <local/anki_mpv>
}
profile lame {
......@@ -186,8 +186,8 @@ profile anki @{exec_path} {
owner @{HOME}/.xsession-errors w,
owner @{HOME}/.local/share/sddm/{xorg,wayland}-session.log w,
#include <local/anki_open>
#include if exists <local/anki_open>
}
#include <local/anki>
#include if exists <local/anki>
}
......@@ -174,5 +174,5 @@ profile anyremote @{exec_path} {
}
#include <local/anyremote>
#include if exists <local/anyremote>
}
......@@ -25,5 +25,5 @@ profile aplay @{exec_path} flags=(complain) {
owner @{HOME}/.config/pulse/ r,
#include <local/aplay>
#include if exists <local/aplay>
}
......@@ -63,5 +63,5 @@ profile appstreamcli @{exec_path} flags=(complain) {
}
#include <local/appstreamcli>
#include if exists <local/appstreamcli>
}
......@@ -132,9 +132,9 @@ profile apt @{exec_path} flags=(complain) {
/etc/passwd r,
/etc/group r,
#include <local/apt_dpkg-source>
#include if exists <local/apt_dpkg-source>
}
#include <local/apt>
#include if exists <local/apt>
}
......@@ -32,5 +32,5 @@ profile apt-cache @{exec_path} flags=(complain) {
owner /tmp/clearsigned.message.* rw,
#include <local/apt-cache>
#include if exists <local/apt-cache>
}
......@@ -91,5 +91,5 @@ profile apt-cdrom @{exec_path} flags=(complain) {
}
#include <local/apt-cdrom>
#include if exists <local/apt-cdrom>
}
......@@ -26,5 +26,5 @@ profile apt-config @{exec_path} flags=(complain) {
# file_inherit
/dev/tty[0-9]* rw,
#include <local/apt-config>
#include if exists <local/apt-config>
}
......@@ -35,5 +35,5 @@ profile apt-extracttemplates @{exec_path} flags=(complain) {
owner /tmp/*.{config,template}.?????? rw,
#include <local/apt-extracttemplates>
#include if exists <local/apt-extracttemplates>
}
......@@ -35,5 +35,5 @@ profile apt-file @{exec_path} flags=(complain) {
# file_inherit
/var/log/cron-apt/temp w,
#include <local/apt-file>
#include if exists <local/apt-file>
}
......@@ -20,5 +20,5 @@ profile apt-ftparchive @{exec_path} flags=(complain) {
/etc/apt/apt.conf r,
/etc/apt/apt.conf.d/{,*} r,
#include <local/apt-ftparchive>
#include if exists <local/apt-ftparchive>
}
......@@ -131,8 +131,8 @@ profile apt-get @{exec_path} flags=(complain) {
/etc/passwd r,
/etc/group r,
#include <local/apt-get_dpkg-source>
#include if exists <local/apt-get_dpkg-source>
}
#include <local/apt-get>
#include if exists <local/apt-get>
}
......@@ -92,5 +92,5 @@ profile apt-key @{exec_path} flags=(complain) {
}
#include <local/apt-key>
#include if exists <local/apt-key>
}
......@@ -53,5 +53,5 @@ profile apt-listbugs @{exec_path} {
# file_inherit
/dev/tty[0-9]* rw,
#include <local/apt-listbugs>
#include if exists <local/apt-listbugs>
}
......@@ -93,5 +93,5 @@ profile apt-listchanges @{exec_path} {
}
#include <local/apt-listchanges>
#include if exists <local/apt-listchanges>
}
......@@ -29,5 +29,5 @@ profile apt-mark @{exec_path} flags=(complain) {
owner /tmp/clearsigned.message.* rw,
#include <local/apt-mark>
#include if exists <local/apt-mark>
}
......@@ -25,5 +25,5 @@ profile apt-methods-cdrom @{exec_path} flags=(complain) {
# file_inherit
/dev/tty[0-9]* rw,
#include <local/apt-methods-cdrom>
#include if exists <local/apt-methods-cdrom>
}
......@@ -41,5 +41,5 @@ profile apt-methods-copy @{exec_path} flags=(complain) {
/dev/tty[0-9]* rw,
/var/log/cron-apt/temp w,
#include <local/apt-methods-copy>
#include if exists <local/apt-methods-copy>
}
......@@ -41,5 +41,5 @@ profile apt-methods-file @{exec_path} flags=(complain) {
/dev/tty[0-9]* rw,
/var/log/cron-apt/temp w,
#include <local/apt-methods-file>
#include if exists <local/apt-methods-file>
}
......@@ -25,5 +25,5 @@ profile apt-methods-ftp @{exec_path} flags=(complain) {
# file_inherit
/dev/tty[0-9]* rw,
#include <local/apt-methods-ftp>
#include if exists <local/apt-methods-ftp>
}
......@@ -75,5 +75,5 @@ profile apt-methods-gpgv @{exec_path} flags=(complain) {
/dev/tty[0-9]* rw,
/var/log/cron-apt/temp w,
#include <local/apt-methods-gpgv>
#include if exists <local/apt-methods-gpgv>
}
......@@ -54,5 +54,5 @@ profile apt-methods-http @{exec_path} flags=(complain) {
/dev/tty[0-9]* rw,
/var/log/cron-apt/temp w,
#include <local/apt-methods-http>
#include if exists <local/apt-methods-http>
}
......@@ -25,5 +25,5 @@ profile apt-methods-mirror @{exec_path} flags=(complain) {
# file_inherit
/dev/tty[0-9]* rw,
#include <local/apt-methods-mirror>
#include if exists <local/apt-methods-mirror>
}
......@@ -42,5 +42,5 @@ profile apt-methods-rred @{exec_path} flags=(complain) {
/dev/tty[0-9]* rw,
/var/log/cron-apt/temp w,
#include <local/apt-methods-rred>
#include if exists <local/apt-methods-rred>
}
......@@ -25,5 +25,5 @@ profile apt-methods-rsh @{exec_path} flags=(complain) {
# file_inherit
/dev/tty[0-9]* rw,
#include <local/apt-methods-rsh>
#include if exists <local/apt-methods-rsh>
}
......@@ -46,5 +46,5 @@ profile apt-methods-store @{exec_path} flags=(complain) {
/dev/tty[0-9]* rw,
owner /var/log/cron-apt/temp w,
#include <local/apt-methods-store>
#include if exists <local/apt-methods-store>
}
......@@ -23,5 +23,5 @@ profile apt-sortpkgs @{exec_path} flags=(complain) {
/usr/share/dpkg/cputable r,
/usr/share/dpkg/tupletable r,
#include <local/apt-sortpkgs>
#include if exists <local/apt-sortpkgs>
}
......@@ -144,6 +144,6 @@ profile aptitude @{exec_path} flags=(complain) {
}
#include <local/aptitude>
#include if exists <local/aptitude>
}
......@@ -39,5 +39,5 @@ profile arandr @{exec_path} {
/etc/nsswitch.conf r,
/etc/passwd r,
#include <local/arandr>
#include if exists <local/arandr>
}
......@@ -36,5 +36,5 @@ profile at-spi-bus-launcher @{exec_path} {
owner @{HOME}/.local/share/sddm/{xorg,wayland}-session.log w,
/var/log/lightdm/seat[0-9]*-greeter.log w,
#include <local/at-spi-bus-launcher>
#include if exists <local/at-spi-bus-launcher>
}
......@@ -24,5 +24,5 @@ profile at-spi2-registryd @{exec_path} {
owner @{HOME}/.xsession-errors w,
owner @{HOME}/.local/share/sddm/{xorg,wayland}-session.log w,
#include <local/at-spi2-registryd>
#include if exists <local/at-spi2-registryd>
}
......@@ -29,5 +29,5 @@ profile atftpd @{exec_path} {
# for libwrap (TCP Wrapper) support
/etc/hosts.{,allow,deny} r,
#include <local/atftpd>
#include if exists <local/atftpd>
}
......@@ -200,8 +200,8 @@ profile atom @{exec_path} {
owner @{HOME}/.xsession-errors w,
owner @{HOME}/.local/share/sddm/{xorg,wayland}-session.log w,
#include <local/atom_open>
#include if exists <local/atom_open>
}
#include <local/atom>
#include if exists <local/atom>
}
......@@ -26,5 +26,5 @@ profile badblocks @{exec_path} {
@{HOME}/** rwk,
/media/*/** rwk,
#include <local/badblocks>
#include if exists <local/badblocks>
}
......@@ -21,5 +21,5 @@ profile biosdecode @{exec_path} {
/dev/mem r,
#include <local/biosdecode>
#include if exists <local/biosdecode>
}
......@@ -66,5 +66,5 @@ profile birdtray @{exec_path} {
owner @{HOME}/.xsession-errors w,
owner @{HOME}/.local/share/sddm/{xorg,wayland}-session.log w,
#include <local/birdtray>
#include if exists <local/birdtray>
}
......@@ -36,5 +36,5 @@ profile blkid @{exec_path} {
@{HOME}/** r,
/media/*/** r,
#include <local/blkid>
#include if exists <local/blkid>
}
......@@ -22,5 +22,5 @@ profile blockdev @{exec_path} {
@{PROC}/partitions r,
#include <local/blockdev>
#include if exists <local/blockdev>
}
......@@ -19,5 +19,5 @@ profile bluetoothctl @{exec_path} flags=(complain) {
/etc/inputrc r,
#include <local/bluetoothctl>
#include if exists <local/bluetoothctl>
}
......@@ -36,5 +36,5 @@ profile bluetoothd @{exec_path} flags=(complain) {
# when connecting to a device
/dev/uinput rw,
#include <local/bluetoothd>
#include if exists <local/bluetoothd>
}
......@@ -213,8 +213,8 @@ profile brave @{exec_path} {
owner @{HOME}/.xsession-errors w,
owner @{HOME}/.local/share/sddm/{xorg,wayland}-session.log w,
#include <local/brave_open>
#include if exists <local/brave_open>
}
#include <local/brave>
#include if exists <local/brave>
}
......@@ -33,5 +33,5 @@ profile brave-browser @{exec_path} {
owner @{PROC}/@{pid}/fd/63 w,
#include <local/brave-browser>
#include if exists <local/brave-browser>
}
......@@ -32,5 +32,5 @@ profile brave-sandbox @{exec_path} {
@{PROC}/@{pids}/ r,
deny owner @{PROC}/@{pid}/oom_{,score_}adj rw,
#include <local/brave-sandbox>
#include if exists <local/brave-sandbox>
}
......@@ -51,5 +51,5 @@ profile btrfs @{exec_path} {
@{HOME}/** rw,
/media/*/** rw,
#include <local/btrfs>
#include if exists <local/btrfs>
}
......@@ -20,5 +20,5 @@ profile btrfs-convert @{exec_path} {
owner @{PROC}/@{pid}/mounts r,
#include <local/btrfs-convert>
#include if exists <local/btrfs-convert>
}
......@@ -25,5 +25,5 @@ profile btrfs-find-root @{exec_path} {
@{HOME}/** rw,
/media/*/** rw,
#include <local/btrfs-find-root>
#include if exists <local/btrfs-find-root>
}
......@@ -27,5 +27,5 @@ profile btrfs-image @{exec_path} {
@{HOME}/** rw,
/media/*/** rw,
#include <local/btrfs-image>
#include if exists <local/btrfs-image>
}
......@@ -25,5 +25,5 @@ profile btrfs-map-logical @{exec_path} {
@{HOME}/** rw,
/media/*/** rw,
#include <local/btrfs-map-logical>
#include if exists <local/btrfs-map-logical>
}
......@@ -20,5 +20,5 @@ profile btrfs-select-super @{exec_path} {
owner @{PROC}/@{pid}/mounts r,
#include <local/btrfs-select-super>
#include if exists <local/btrfs-select-super>
}
......@@ -24,5 +24,5 @@ profile btrfstune @{exec_path} {
owner /{,var/}run/blkid/blkid.tab{,-*} rw,
owner /{,var/}run/blkid/blkid.tab.old rwl -> /{,var/}run/blkid/blkid.tab,
#include <local/btrfstune>
#include if exists <local/btrfstune>
}
......@@ -23,5 +23,5 @@ profile ccze @{exec_path} {
/etc/cczerc r,
#include <local/ccze>
#include if exists <local/ccze>
}
......@@ -34,5 +34,5 @@ profile cfdisk @{exec_path} {
@{HOME}/** rwk,
/media/*/** rwk,
#include <local/cfdisk>
#include if exists <local/cfdisk>
}
......@@ -26,5 +26,5 @@ profile cgdisk @{exec_path} {
@{HOME}/** rwk,
/media/*/** rwk,
#include <local/cgdisk>
#include if exists <local/cgdisk>
}
......@@ -38,5 +38,5 @@ profile cgrulesengd @{exec_path} {
/etc/passwd r,
/etc/nsswitch.conf r,
#include <local/cgrulesengd>
#include if exists <local/cgrulesengd>
}
......@@ -33,5 +33,5 @@ profile chage @{exec_path} {
/etc/passwd.lock wl -> /etc/[email protected]{pid},
/etc/shadow.lock wl -> /etc/[email protected]{pid},
#include <local/chage>
#include if exists <local/chage>
}
......@@ -17,5 +17,5 @@ profile changestool @{exec_path} flags=(complain) {
@{exec_path} mr,
#include <local/changestool>
#include if exists <local/changestool>
}
......@@ -37,5 +37,5 @@ profile chfn @{exec_path} {
/etc/[email protected]{pid} w,
/etc/passwd.lock wl -> /etc/[email protected]{pid},
#include <local/chfn>
#include if exists <local/chfn>
}
......@@ -37,5 +37,5 @@ profile child-dpkg {